Tag Archives: linux

Earlier this week, a new security vulnerability was discovered in the GnuTLS SSL/TLS library.
The vulnerability, indexed as CVE-2014-0092 or GNUTLS-SA-2014-2, affects the code responsible for verification of X.509 certificates and could potentially allow eavesdropping of encrypted network traffic.

The good news for Linux users and system administrators is that the problem has been resolved in GnuTLS version 3.2.12.
Fixes are already available for most enterprise and desktop Linux distributions, and patches have been published in the version 2.12.x git tree.
However, as both Ars Technica and Tom’s Guide have suggested, the vulnerability might affect more than just Linux servers and workstations.
As a matter of fact, any application or appliance relying on a pre-3.2.12 version of GnuTLS is vulnerable and will require an update.

In my work as a technical support engineer I have come across many different problems caused by faulty Interrupt Remapping, with varying symptoms.
Depending on which device is affected, a system may lose network connectivity, access to storage devices, or experience a panic.
This can result in unmanageable hosts, unresponsive or failed virtual machines, system hangs or unexpected reboots.

On Linux hosts, Interrupt Remapping can be disabled by booting the system with intremap=off.
On VMware ESX/ESXi hosts, the same result can be achieved by setting the iovDisableIR kernel parameter to TRUE.

Over the course of the past two years, a few hardware and software vendors I have worked with have published articles describing this issue.
Some of these are relatively new, others have been recently updated and improved.
I have referenced them below, in alphabetical order.

Additional note on Linux:
Earlier this year, a patch was introduced in the Linux kernel to warn system administrators that their system is affected by this problem.
To my knowledge, this patch is included in recent kernel updates for the openSUSE, SLES, Fedora and RHEL Linux distributions.